Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x
Author Message
Dawg
RavenNuke(tm) Development Team



Joined: Nov 07, 2003
Posts: 928

PostPosted: Thu Jan 19, 2012 7:29 pm Reply with quote

Guys I have a Stumper for you...

This is one PHP 5.3.8-2.el5.art, MYSQL 5.5.18-1.el5.art, RN 2.5
I can NOT get mysql_real_escape_string to work.

Example code....
I am sparing you the entire SQL statement. It works like a champ without mysql_real_escape_string.


Code:
list ($tid,$town_name,$rank) = $db->sql_fetchrow($result);

                $tid = mysql_real_escape_string($tid);


From the server log file....
[Thu Jan 19 20:25:56 2012] [error] [client XX.XXX.XXX.XXX] PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'apache'@'localhost' (using password: NO) in /complete_path/index.php on line 245, referer: [ Only registered users can see links on this board! Get registered or login! ]
[Thu Jan 19 20:25:56 2012] [error] [client XX.XXX.XXX.XXX] PHP Warning: mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in /complete_path/index.php on line 245, referer: [ Only registered users can see links on this board! Get registered or login! ]

There is a DB connection right above this in the SQL statement so it SHOULD use that connection.

Thank You for your time!

Dawg


If anyone has any ideas....Please let me know.


Last edited by Dawg on Thu Jan 19, 2012 9:17 pm; edited 1 time in total 
View user's profile Send private message
nuken
RavenNuke(tm) Development Team



Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

PostPosted: Thu Jan 19, 2012 7:50 pm Reply with quote

try using mysqli_real_escape_string

_________________
Tricked Out News 
View user's profile Send private message Send e-mail Visit poster's website
Dawg







PostPosted: Thu Jan 19, 2012 8:01 pm Reply with quote

I have...No Love.

Thanks for the try though....It is a STUMPER!

Dawg
 
nuken







PostPosted: Thu Jan 19, 2012 8:28 pm Reply with quote

Give the RN function $db->sql_escape_string() a try.
 
Dawg







PostPosted: Thu Jan 19, 2012 8:30 pm Reply with quote

Do you mean like this?

$tid = $db->sql_escape_string($tid);
 
Dawg







PostPosted: Thu Jan 19, 2012 8:32 pm Reply with quote

That worked....Should I use this in place of mysql_real_escape_string

I have never seen or heard of $db->sql_escape_string()

Dawg
 
nuken







PostPosted: Thu Jan 19, 2012 8:37 pm Reply with quote

I would. I is a built in RavenNuke db layer function that is used for mysqli_real_escape_string function.
 
Dawg







PostPosted: Thu Jan 19, 2012 8:46 pm Reply with quote

Got ya...THANK YOU! This has driven me NUTS for a couple of days!

Dawg
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Thu Jan 19, 2012 8:52 pm Reply with quote

I am making this a sticky - thanks!
 
View user's profile Send private message
Dawg







PostPosted: Thu Jan 19, 2012 8:53 pm Reply with quote

Raven,

You might also want to move this to the 2.5 forum.

Dawg
 
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Thu Jan 19, 2012 9:04 pm Reply with quote

Oops ... thanks Dawg and Nuken for tracking this down. I had a problem report on modules I have written tonight about data not being saved. Tracked it down to this same cause. I know that I was using mysql_real_escape_string in the 2.5 code but just looked and Palbin must have globally changed it to the correct code. I guess I just missed where that was communicated. Nonetheless any customized modules that people are trying to run with 2.5 are going to run into problems until they are converted.
 
View user's profile Send private message Visit poster's website
fkelly







PostPosted: Thu Jan 19, 2012 9:32 pm Reply with quote

Question for Palbin ... would it be possible to define a constant for the top of mysqli.php such that mysql_real_escape_string would continue to work, at least in compatibility mode? I really don't understand why the statement is not working presently in 2.5. Mysql_real_escape_string that is. It is "built-in" to PHP. I guess it is something about the connection working differently with the new database layer? But I don't understand it.
 
Palbin
Site Admin



Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

PostPosted: Thu Jan 19, 2012 10:02 pm Reply with quote

The price of progress. There is nothing we can do short of adding ad additional db connection. Which would double the amount of connections a site needs.

_________________
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan. 
View user's profile Send private message
Raven







PostPosted: Fri Jan 20, 2012 12:53 am Reply with quote

Dawg wrote:
Raven,

You might also want to move this to the 2.5 forum.

Dawg


I did that at the same time Wink
 
Palbin







PostPosted: Fri Jan 20, 2012 8:33 am Reply with quote

I know it was already stated here, but I would just like to say it again. Everyone needs to be using $db->sql_escape_string() so that we can avoid problems like this in the future.
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

PostPosted: Sat Jan 21, 2012 8:45 am Reply with quote

Palbin, I have noticed even some new code was added in 2.5 which is using addslashes() still. Having been a part of many releases in the past, I completely understand why this is the case, so this is not a criticism but more a question. Should we (RN Team + Module developers) replace all our addslashes() with this new DB class method?

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
View user's profile Send private message Visit poster's website
Palbin







PostPosted: Sat Jan 21, 2012 10:40 am Reply with quote

I would have to say yes.
 
fkelly







PostPosted: Sat Jan 21, 2012 10:51 am Reply with quote

While agreeing with Palbin, my greying head makes me want to say that we should have an approach to making global changes such as this that conserves resources rather than making multiple passes over the course of the 2.5 to 3.0 update. Including passes at code that we eventually eliminate.

Not to be obscure in saying this ... for example ... news/admin/index.php has a number of functions that overlap and are partially duplicative of each other. It needs to be totally refactored and where we have 8 functions (not an exact number) we should probably have one or two. So, if we are going to make distribution wide changes there we should first get rid of the extraneous code then make the changes rather than making global changes to code we eventually delete. (And I know that there are probably no addslashes left in that code I reference, but just for example).

In other words we need a plan and a timetable and not helter-skelter running around eliminating 7 zillion addslashes (look in the NS code if you want to see those).
 
montego







PostPosted: Sun Jan 22, 2012 8:31 am Reply with quote

@Palbin - ok. Thank you for the guidance.

@fkelly - I had started to give some suggestions on how to handle, but decided not to go more OffTopic to the thread.
 
viper155
Regular
Regular



Joined: Feb 18, 2006
Posts: 99

PostPosted: Mon Feb 06, 2012 1:39 am Reply with quote

I just upgraded our site and alot of our custom blocks are not working. Is this issue related to this post at all??

Code:


<?php

if (eregi("block-youtube-video-random.php",$PHP_SELF)) {
    Header("Location: index.php");
    die();
}


   $res=mysql_query("SELECT tt_vids_videos.id, tt_vids_videos.url,
                     tt_vids_videos.title   
                     FROM tt_vids_videos
                     WHERE tt_vids_videos.active='1' AND tt_vids_videos.video_type='youtube' order by RAND() Limit 1") or die(mysql_error());

   $myrow=mysql_fetch_array($res);
   $v=getYoutubeVideoID($myrow[url]);

   $content .= "<center>$myrow[title]<br><object width=\"135\" height=\"150\"><param name=\"movie\" value=\"http://www.youtube.com/v/$v";
   $content .= '&rel=1&color1=0x3a3a3a&color2=0x999999&border=0"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/';
   $content .= $v;
   $content .= '&autoplay=0&rel=1&color1=0x3a3a3a&color2=0x999999&border=0" type="application/x-shockwave-flash" wmode="transparent" width="135" height="150"></embed></object></center>';


      

   $content .= "<br><center><a href=\"modules.php?name=Youtube_Videos\">Click here for more videos</a></center>";

function getYoutubeVideoID($url) {
      $url_args=strstr($url, "?");
      $url_args=substr($url_args, 1);
      parse_str($url_args);
      return $v;
}


?>


What would I need to change if you can find anything in that code that is causing it not to work. Also on a few of our custom models we are also getting "Access denied for user 'apache'@'localhost' (using password: NO)" errors.
 
View user's profile Send private message Visit poster's website
Palbin







PostPosted: Mon Feb 06, 2012 5:46 am Reply with quote

viper155, your problem is not exactly this problem, but is related. I do not have time this morning to fix this block, but I or someone will get to it. Please start other topics for your modules. It they are a lot of code please zip them up and post a link.
 
Dawg







PostPosted: Mon Feb 06, 2012 5:59 am Reply with quote

Try this...

I do not have a way of testing it to se what else is wrong...but...

Code:


<?php
if ( !defined('BLOCK_FILE') ) {
    Header('Location: ../index.php');
    die();
}
$res=mysql_query("SELECT tt_vids_videos.id, tt_vids_videos.url,tt_vids_videos.title FROM tt_vids_videos WHERE tt_vids_videos.active='1' AND tt_vids_videos.video_type='youtube' order by RAND() Limit 1") or die(mysql_error());
$myrow = $db->sql_fetchrow($res);
$v=getYoutubeVideoID($myrow['url']);
$content .= "<center>$myrow[title]<br><object width='135' height='150'><param name='movie' value='http://www.youtube.com/v/$v";
$content .= '&rel=1&color1=0x3a3a3a&color2=0x999999&border=0"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/';
$content .= $v;
$content .= '&autoplay=0&rel=1&color1=0x3a3a3a&color2=0x999999&border=0" type="application/x-shockwave-flash" wmode="transparent" width="135" height="150"></embed></object></center>';
$content .= "<br><center><a href='modules.php?name=Youtube_Videos'>Click here for more videos</a></center>";
function getYoutubeVideoID($url) {
      $url_args=strstr($url, "?");
      $url_args=substr($url_args, 1);
      parse_str($url_args);
      return $v;
}
?>


Dawg
 
nuken







PostPosted: Mon Feb 06, 2012 7:40 am Reply with quote

If that doesn't work for you, you can try this one:

Code:


<?php

if ( !defined('BLOCK_FILE') ) {
   Header('Location: ../index.php');
   die();
}

global $db;
   $res=$db->sql_query("SELECT tt_vids_videos.id, tt_vids_videos.url,
                     tt_vids_videos.title   
                     FROM tt_vids_videos
                     WHERE tt_vids_videos.active='1' AND tt_vids_videos.video_type='youtube' order by RAND() Limit 1") or die($db->sql_error());

   $myrow=$db->sql_fetchrow($res);
   $v=getYoutubeVideoID($myrow[url]);

   $content .= "<center>$myrow[title]<br /><object width=\"135\" height=\"150\"><param name=\"movie\" value=\"http://www.youtube.com/v/$v";
   $content .= '&rel=1&color1=0x3a3a3a&color2=0x999999&border=0"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/';
   $content .= $v;
   $content .= '&autoplay=0&rel=1&color1=0x3a3a3a&color2=0x999999&border=0" type="application/x-shockwave-flash" wmode="transparent" width="135" height="150"></embed></object></center>';


     

   $content .= "<br /><center><a href=\"modules.php?name=Youtube_Videos\">Click here for more videos</a></center>";

function getYoutubeVideoID($url) {
      $url_args=strstr($url, "?");
      $url_args=substr($url_args, 1);
      parse_str($url_args);
      return $v;
}
?>
 
Dawg







PostPosted: Mon Feb 06, 2012 8:08 am Reply with quote

Nuken,

You are correct. I did not declare db and fix the sql statement.

If it hard to fix things you can NOT run to see what happens.

Dawg


Last edited by Dawg on Mon Feb 06, 2012 9:11 am; edited 1 time in total 
nuken







PostPosted: Mon Feb 06, 2012 8:46 am Reply with quote

very true....
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©